Report - ticket2w.exe

Malicious Library PE File PE32 MZP Format
Created 2024.06.16 10:41 Machine s1_win7_x6401
Filename ticket2w.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
5
Behavior Score
1.6
ZERO API file : malware
VT API (file) 21 detected (AIDetectMalware, Malicious, score, Unsafe, GenericKD, Generic@AI, RDML, nDU0jlMfkU+e03EbYE9aGA, Outbreak, Detected, ai score=84, Casdet)
md5 db063c7f3eeed0ac66c3c42fd3797f59
sha256 daf69668d44a8a20bb0b544e4f36669735d849aaefae87c1a70fad220b85d1e5
ssdeep 3072:jHTXh1+sOsOHrHT/gd+RbJEj0z7g5h0gL41XxEvfXBsJy7BcJL29xGPV9I+Oxh:jHT33KP4gbJzT6+Jylc0eun
imphash a47a07f9e013e4d3faa72b51f29d500d
impfuzzy 96:oO4nYU3Me0M12wiI+p/v2UCV1r++mvOStPEbNDwPbOQTv:o13Mm2wiIl51VSOaPbOQTv
  Network IP location

Signature (4cnts)

Level   | Description
warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious
notice  | Allocates read-write-execute memory (usually to unpack itself)
info    | The executable contains unknown PE section names indicative of a packer (could be a false positive)
info    | The file contains an unknown PE resource name possibly indicative of a packer

Rules (4cnts)

Level | Name                   | Description              | Collection
watch | Malicious_Library_Zero | Malicious_Library        | binaries (upload)
info  | IsPE32                 | (no description)         | binaries (upload)
info  | mzp_file_format        | MZP (Delphi) file format | binaries (upload)
info  | PE_Header_Zero         | PE File Signature        | binaries (upload)

Network (0cnts)

Request | CC | ASN | Co | IP4 | Rule | ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

oleaut32.dll
 0x42f3f0 SysFreeString
 0x42f3f4 SysReAllocStringLen
 0x42f3f8 SysAllocStringLen
advapi32.dll
 0x42f400 RegQueryValueExA
 0x42f404 RegOpenKeyExA
 0x42f408 RegCloseKey
user32.dll
 0x42f410 GetKeyboardType
 0x42f414 DestroyWindow
 0x42f418 LoadStringA
 0x42f41c MessageBoxA
 0x42f420 CharNextA
kernel32.dll
 0x42f428 GetACP
 0x42f42c Sleep
 0x42f430 VirtualFree
 0x42f434 VirtualAlloc
 0x42f438 GetCurrentThreadId
 0x42f43c InterlockedDecrement
 0x42f440 InterlockedIncrement
 0x42f444 VirtualQuery
 0x42f448 WideCharToMultiByte
 0x42f44c MultiByteToWideChar
 0x42f450 lstrlenA
 0x42f454 lstrcpynA
 0x42f458 LoadLibraryExA
 0x42f45c GetThreadLocale
 0x42f460 GetStartupInfoA
 0x42f464 GetProcAddress
 0x42f468 GetModuleHandleA
 0x42f46c GetModuleFileNameA
 0x42f470 GetLocaleInfoA
 0x42f474 GetCommandLineA
 0x42f478 FreeLibrary
 0x42f47c FindFirstFileA
 0x42f480 FindClose
 0x42f484 ExitProcess
 0x42f488 CompareStringA
 0x42f48c WriteFile
 0x42f490 UnhandledExceptionFilter
 0x42f494 RtlUnwind
 0x42f498 RaiseException
 0x42f49c GetStdHandle
kernel32.dll
 0x42f4a4 TlsSetValue
 0x42f4a8 TlsGetValue
 0x42f4ac LocalAlloc
 0x42f4b0 GetModuleHandleA
user32.dll
 0x42f4b8 CreateWindowExA
 0x42f4bc UnregisterClassA
 0x42f4c0 TranslateMessage
 0x42f4c4 SetWindowLongA
 0x42f4c8 SetTimer
 0x42f4cc RegisterClassA
 0x42f4d0 PostThreadMessageA
 0x42f4d4 PeekMessageA
 0x42f4d8 MessageBoxA
 0x42f4dc LoadStringA
 0x42f4e0 KillTimer
 0x42f4e4 GetWindowLongA
 0x42f4e8 GetSystemMetrics
 0x42f4ec GetClassInfoA
 0x42f4f0 DispatchMessageA
 0x42f4f4 DestroyWindow
 0x42f4f8 DefWindowProcA
 0x42f4fc CharNextA
 0x42f500 CharUpperBuffA
 0x42f504 CharToOemA
version.dll
 0x42f50c VerQueryValueA
 0x42f510 GetFileVersionInfoSizeA
 0x42f514 GetFileVersionInfoA
kernel32.dll
 0x42f51c WriteFile
 0x42f520 WaitForSingleObject
 0x42f524 VirtualQuery
 0x42f528 VirtualAlloc
 0x42f52c SizeofResource
 0x42f530 SetFilePointer
 0x42f534 SetEvent
 0x42f538 SetErrorMode
 0x42f53c SetEndOfFile
 0x42f540 ResetEvent
 0x42f544 ReadFile
 0x42f548 MultiByteToWideChar
 0x42f54c LockResource
 0x42f550 LoadResource
 0x42f554 LoadLibraryA
 0x42f558 LeaveCriticalSection
 0x42f55c InitializeCriticalSection
 0x42f560 GetVersionExA
 0x42f564 GetUserDefaultLCID
 0x42f568 GetTickCount
 0x42f56c GetThreadLocale
 0x42f570 GetSystemDefaultLCID
 0x42f574 GetStdHandle
 0x42f578 GetShortPathNameA
 0x42f57c GetProcAddress
 0x42f580 GetModuleHandleA
 0x42f584 GetModuleFileNameA
 0x42f588 GetLocaleInfoA
 0x42f58c GetLocalTime
 0x42f590 GetLastError
 0x42f594 GetFullPathNameA
 0x42f598 GetDiskFreeSpaceA
 0x42f59c GetDateFormatA
 0x42f5a0 GetCurrentThreadId
 0x42f5a4 GetCPInfo
 0x42f5a8 FreeResource
 0x42f5ac InterlockedIncrement
 0x42f5b0 InterlockedExchange
 0x42f5b4 InterlockedDecrement
 0x42f5b8 FreeLibrary
 0x42f5bc FormatMessageA
 0x42f5c0 FindResourceA
 0x42f5c4 FindFirstFileA
 0x42f5c8 FindClose
 0x42f5cc EnumCalendarInfoA
 0x42f5d0 EnterCriticalSection
 0x42f5d4 DeleteCriticalSection
 0x42f5d8 CreateFileA
 0x42f5dc CreateEventA
 0x42f5e0 CompareStringA
 0x42f5e4 CloseHandle
advapi32.dll
 0x42f5ec RegSetValueExA
 0x42f5f0 RegDeleteKeyA
 0x42f5f4 RegCreateKeyExA
 0x42f5f8 RegCloseKey
oleaut32.dll
 0x42f600 CreateErrorInfo
 0x42f604 GetErrorInfo
 0x42f608 SetErrorInfo
 0x42f60c DispGetIDsOfNames
 0x42f610 RegisterTypeLib
 0x42f614 LoadTypeLibEx
 0x42f618 SafeArrayGetElement
 0x42f61c SafeArrayGetLBound
 0x42f620 SafeArrayGetUBound
 0x42f624 SysFreeString
ole32.dll
 0x42f62c CreateBindCtx
 0x42f630 CoTaskMemFree
 0x42f634 CLSIDFromProgID
 0x42f638 StringFromCLSID
 0x42f63c CoCreateInstance
 0x42f640 CoLockObjectExternal
 0x42f644 CoDisconnectObject
 0x42f648 CoRevokeClassObject
 0x42f64c CoRegisterClassObject
 0x42f650 CoUninitialize
 0x42f654 CoInitialize
 0x42f658 IsEqualGUID
kernel32.dll
 0x42f660 Sleep
ole32.dll
 0x42f668 IsEqualGUID
oleaut32.dll
 0x42f670 SafeArrayPtrOfIndex
 0x42f674 SafeArrayGetUBound
 0x42f678 SafeArrayGetLBound
 0x42f67c SafeArrayCreate
 0x42f680 VariantChangeType
 0x42f684 VariantCopyInd
 0x42f688 VariantCopy
 0x42f68c VariantClear
 0x42f690 VariantInit
URLMON.DLL
 0x42f698 MkParseDisplayNameEx

EAT (Export Address Table) is none

Similarity measure (PE file only) - Checking for service failure